VM Unpacker 1.5 July 31, 2008
Posted by reversengineering in TOOLS, UNPACKERS. 2 comments
VM Unpacker 1.5
DownloadLink: http://rapidshare.com/files/133785241/VM_Unpacker_1.5.rar
Anti unpacker tricks July 31, 2008
Posted by reversengineering in MUPS, other protectors and packers.
hi nice article about anti unpacker tricks
by CURRENT
Peter Ferrie, Senior Anti-Virus Researcher, Microsoft Corporation
-http://letitbit.net/download/f173be460322/1025-Anti-unpacker-tricks.rar.html
WinUpack KiLLeR 0.1 July 31, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
its rus tool
WinUpack_KiLLeR 0.1 by flashback
_wWw.Fba2008.land.ru
_http://letitbit.net/download/48fd57784448/WinUpack-KiLLeR.7z.html
Superior Patch Generator 1.1 July 31, 2008
Posted by reversengineering in OTHER, TOOLS.
Superior Patch Generator 1.1 by Nieylana
Here is version 1.1 of my AM 6.x inline generator. This tool uses the Superior Method of Inline Patching for the most reliability in getting a working inline (especially for v6.3). Check it out and tell me what you think.
http://letitbit.net/download/4e2ae0679271/SuperiorPatchGenerator.rar.html
Jetico.BestCrypt.Volume.Encryption.v2.10.00.WinAll .Cracked-CRD July 31, 2008
Posted by reversengineering in OTHER, TOOLS.
BestCrypt Volume Encryption software provides transparent encryption of all the data stored on fixed and removable disk devices.
BestCrypt Volume Encryption software opens a new class of Volume Encryption products. With the software users can encrypt old MS-DOS style disk partitions as well as modern volumes residing on a number of physical disk devices, for example Spanned, Striped, Mirrored or RAID-5 volumes.
_http://rapidshare.com/files/133789126/rls.rar
if u like it buy it
svkp Scrambler July 31, 2008
Posted by reversengineering in OTHER, TOOLS.
hi
new tool: svkp Scrambler
_http://letitbit.net/download/fae022259059/svkp.scrambler.zip.html
ExeCryptor HWID Patching, Tutorial how to patch another HWID permanently July 31, 2008
Posted by reversengineering in execryptor, MUPS, RCE.
Hello together,
today I have made a new flash tutorial about patching ExeCryptor's HWID permanently in an unpacked EC target to get a running file with also the valid name, serial and HWID of course.
greetz
by LCF-AT
_http://rapidshare.com/files/133785363/ExeCryptor_HWID_Patching.rar
LAG Loader Generater 1.0 July 31, 2008
Posted by reversengineering in OTHER, TOOLS.
LAG Loader Generater 1.0
author: golds7n[LAG]
1. Single process and multithread dynamic patch technology
2. Easily patch Exe, Dll, Ocx etc.
3. Compatible with asm, vb, vc, vfp, pb, pascal etc.
4. More convenient and stability for packed program.
Haven't tried it myself,
but judging by the comments from Chinese users it seems to work quite well
http://rapidshare.com/files/133708026/Lag-Loader.zip
UPX 3.03 27 Apr 2008 July 31, 2008
Posted by reversengineering in PACKER, TOOLS.
UPX 3.03 27 Apr 2008
Changes in 3.03 (27 Apr 2008):
* implement cache flushing for PowerPC (esp. model 440)
* fix cache flushing on MIPS (>3 MiB compressed, or with holes)
* fix MIPS big-endian
* bug fixes
MANUAL UNPACKING + (PLUS) (PA) by RE.M-JNop790 (Persian) July 29, 2008
Posted by reversengineering in armadillo, asprotect, MUPS, other protectors and packers, Persian. 2 comments
Hello
I finally found the time to gather all of my own writings and translations on unpacking and reverse engineering into one small booklet.
I hope the material proves useful and that this small step leads to bigger steps.
I also hope this material is used for peace and friendship, not to harm the interests of software companies.
Responsibility for the use of this material rests with the reader.
With thanks to all friends at:
ARTeam, UnREal RCE (PERSIAN CRACKERS), SND TEAM, EXETOOLS, and the rest
Hoping for the glory of the Persians
Number of pages: 105
Format: PDF
Size: 4.5 MB
Language: Persian + one English article
LANGUAGE : PARSI
SIZE:4.5MG
PAGE: 105th
FORMAT: PDF
AUTHOR: RE.M -JNop790
MANUAL UNPACKING + ( PLUS)
1-Mup upx 0.89.6 – 1.02 1.05 – 1.24 (1)
2-Mup UPX (2)
3-Mup upx 0.89.6 – 1.02 1.05 – 1.24 (3)
4-Mup upx 0.89.6 – 1.02 1.05 – 1.24 (4)
5-Mup upx $hit 0.0.1
6-Mup ASPack v2 12
7-Mup ASPack v1 08 04
8-Inline Patching ASPacked prog.
9-Mup FSG 1.0
10-Mup Neolite 2.0
11-Mup neolite 2.0 (2)
12-Mup Yoda’s cryptor 1.x/modified
13-+PATCHING TASK MANAGER
14-+Introduction in delphi
15- +HOW TO WRITE A LOADER
16-mup telock 0.98
17-Mup All ver. Of Nspack 2.x – 3.x
18-MUP SPlayer 0.08
19-MUP DLL ARMADILLO 2.51-3.XX
20-Mup AntiCrack Protector v1.41
21-MUP Asprotect 2 Ske WITH SCRIPT
22-MUP ASPR 1.3X
23-+Bypassing ActiveMark TryMedia v5 Debug Check
24-+ICE License Overview Cracking Tomahawk Gold 3.0
25-+Anti TZ Copy Protection
26-MUP PEtite 2.x (english)
http://rapidshare.com/files/133432978/Manual_Unpacking__by_RE.M_-_JNOP790.exe
http://letitbit.net/download/d3082e383904/Manual-Unpacking–by-RE.M—JNOP790.exe.html
TMD/WL Unpacking Tutorial July 29, 2008
Posted by reversengineering in MUPS, Themida.
TMD/WL Unpacking Tutorial.
Themida Unpacking Tutorial ①
[Article title]: Themida 1.9.3.0 – Unpackme level 6
[Author]: hacnho
[Target]: 4VN Modz Audition Loader – August 2007
[Size]: 1.29 MB (1,359,872 bytes)
[Download page]: 4VN.org
[Packer]: Themida|WinLicense V 1.9.3.0 C.B -> Oreans Technologies
[Compilation language]: Microsoft Visual C++ 8.0
[Tools]: The0DBG + hideToolz by fly, LordPE, ImportREC, peid0.94
[OS]: WinXP_SP2
==========
Themida Unpacking Tutorial ②
[Article title]: Winlicense 1.9.x.x – Unpackme level 6 exp 1
[Author]: hacnho
[Target]: Unknown target!
[Size]: 1.88 MB (1,978,368 bytes)
[Download page]: Google
[Packer]: Themida|WinLicense V 1.9.x.x C.B -> Oreans Technologies
[Compilation language]: Borland Delphi 7
[Tools]: The0DBG + hideToolz by fly, LordPE, ImportREC, peid0.94
[OS]: WinXP_SP2
==============
Themida Unpacking Tutorial ③
[Article title]: Themida 1.9.x.x – Unpackme level 6 exp 2
[Author]: hacnho
[Target]: AutoIT
[Size]: 591 KB (605,216 bytes)
[Download page]: Google
[Packer]: Themida|WinLicense V 1.9.x.x C.B -> Oreans Technologies
[Compilation language]: AutoIT
[Tools]: The0DBG + hideToolz by fly, LordPE, ImportREC, peid0.94
[OS]: WinXP_SP2
By. hacnho
!eprot.0_01beta.protector July 29, 2008
Posted by reversengineering in PROTECTOR, TOOLS.
!eprot.0_01beta.protector-tmx 26/07/2008
by g-l-u-k^tmx
http://letitbit.net/download/ada2d0154824/-eprot-0.0-1-beta-.protector-tmx.rar.html
FBA v1.6.2 Flashback Best Analisator July 29, 2008
Posted by reversengineering in DETECTOR, OTHER, TOOLS.
FBA v1.6.2 Flashback Best Analisator
by Flashback [Team-X]
Unpacking Armadillo Overlays Series by ChOoKi July 29, 2008
Posted by reversengineering in NEWS.
HI
uploading all these tutors in one package
plz see here:
AoRE Unpacking English Tutorials July 29, 2008
Posted by reversengineering in asprotect, MUPS, NEWS, other protectors and packers. 1 comment so far
AoRE Unpacking English Tutorials
FLASH
=====
UNPACKING 12311134
UNPACKING ABC CRYPTOR
UNPACKING ACPROTECT V2
UNPACKING ACPROTECT V2
UNPACKING AHPACK V0
UNPACKING ALEX PROTECTOR
UNPACKING ALLOY V4.3.21
UNPACKING ANTI 007 V2
UNPACKING ANTIDOTE V1
UNPACKING ARM PROTECTOR V0
UNPACKING ARMADILLO AND UPX
UNPACKING ARMADILLO V2
UNPACKING ARMADILLO V4
UNPACKING ARMADILLO V4
UNPACKING ARMADILLO V4
UNPACKING ASCRYPT V0
UNPACKING ASDPACK V2
UNPACKING ASPROTECT V1
UNPACKING ASPROTECT V1
UNPACKING AVERCRYPTOR V1
UNPACKING AVERCRYPTOR V1
UNPACKING BEROEXEPACKER V1
UNPACKING BJFNT V1
UNPACKING C.I. CRYPT V0
UNPACKING C.I. CRYPT V0
UNPACKING CDS SS V1
UNPACKING CELSIUS CRYPT V2
UNPACKING CRUNCH V5
UNPACKING CRYPTOCRACK PE PROTECTOR V0.9
UNPACKING CRYPTX V1
UNPACKING DALKRYPT V1
UNPACKING DEPACK
UNPACKING DEXCRYPT V2
UNPACKING DOTFAKESIGNER
UNPACKING DRAGONARMOUR
UNPACKING ESCARGOT V0
UNPACKING EXE32PACK V1
UNPACKING EXEEVIL V1
UNPACKING EXEFOG V1
UNPACKING EXESHIELDULTRAEDITION V1
UNPACKING EXESTEALTH V2
UNPACKING EXPRESSOR V1.3.0
UNPACKING EZIP V1
UNPACKING FEARZ CRYPTER V1
UNPACKING FSG V2
UNPACKING G!X PROTECTOR V1
UNPACKING G!X PROTECTOR V1
UNPACKING GHF PROTECTOR
UNPACKING GIE PROTECTOR V0
UNPACKING HIDEPX
UNPACKING HMIMYS PROTECT V1
UNPACKING ID APP PROTECTOR V1
UNPACKING JDPACK V1
UNPACKING JDPROTECT V0
UNPACKING KAOS PE-DLL EXECUTABLE UNDETECTER
UNPACKING KKRUNCHY V0
UNPACKING LUCK007 V2
UNPACKING MFKPACK (1)
UNPACKING MFKPACK (2)
UNPACKING MINKE V1
UNPACKING MOLEBOX V2
UNPACKING MORTAL TEAM CRYPTER
UNPACKING MPRESS V0
UNPACKING MR UNDECTETABLE V1
UNPACKING MUCKI PROTECTOR2
UNPACKING NAKEDPACKER V1
UNPACKING NOMER1
UNPACKING NONAMEPACKER
UNPACKING NOODLECRYPT V2
UNPACKING NSPACK V3
UNPACKING OBSIDIUM V1
UNPACKING OPEN SOURCE CODE CRYPTER V1
UNPACKING ORIEN V2
UNPACKING PACK V4
UNPACKING PC SHRINKER V0
UNPACKING PEBUNDLE V3
UNPACKING PECOMPACT V2
UNPACKING PEDIMINISHER V0
UNPACKING PENCRYPT V4
UNPACKING PEPSI V2
UNPACKING PERPLEX PE PROTECTOR V1
UNPACKING PESTIL V1
UNPACKING PESTUBOEP V1
UNPACKING PEX V0
UNPACKING PEX V0
UNPACKING POHERNAH V1.0
UNPACKING POLYBOX V1
UNPACKING POLYENE V0
UNPACKING QRYPT0R
UNPACKING RCRYPTOR V2
UNPACKING RECRYPT V0
UNPACKING RECRYPT V0
UNPACKING RLPACK V1.15-V1
UNPACKING RPOLYCRYPT V1
UNPACKING RUSSIAN CRYPTOR V1
UNPACKING SEXE CRYPTER V1
UNPACKING SHRINKWRAP V1
UNPACKING SIMPLE PACK V1
UNPACKING SLVC0DEPROTECTOR V0
UNPACKING SOFTWARE COMPRESS(LITE) V1
UNPACKING SPLAYER V0
UNPACKING STE@LTH PE V1
UNPACKING SVKP V1
UNPACKING TELOCK V0
UNPACKING THE BEST CRYPTOR
UNPACKING TUBBY CRYPT V1.1
UNPACKING UNDERGROUND CRYPTER V1
UNPACKING UNKOWN CRYPTER V1
UNPACKING UPOLYX V0
UNPACKING UPX
UNPACKING UPXLOCK V1
UNPACKING VCRPYT 0
UNPACKING VIROGEN CRYPT V0
UNPACKING WINDOFCRYPT V1
UNPACKING WINKRYPT V1
UNPACKING WWPACK32 V1
UNPACKING XCR V0
UNPACKING XXPACK V0
UNPACKING YZPACK V1
UNPACKING YZPACK V2
PDF
===
UNPACKING CRYPTOCRACKPEPROTECTOR V0.9
UNPACKING DOTFIX NICEPROTECT V2
UNPACKING DRONY PROTECT V3.0 AND LUCK007 V2
UNPACKING MOLEBOX PRO 2.6.0
UNPACKING MOLEBOX V2
UNPACKING YZPACK V1
FOR FIND LINKS:
http://reversengineering.wordpress.com/huge-collection/aore-unpacking-english-tutorials/
REGARDS
RegFromApp v1.07 July 29, 2008
Posted by reversengineering in OTHER, TOOLS.
RegFromApp monitors the Registry changes made by the application that you selected, and creates a standard RegEdit registration file (.reg) that contains all the Registry changes made by the application. You can use the generated .reg file to import these changes with RegEdit when it’s needed.
System Requirements
This utility works on Windows 2000, Windows XP, Windows Server 2003, and Windows Vista (32-bit only). Older versions of Windows are not supported.
Using RegFromApp
RegFromApp doesn’t require any installation process or additional dll files. In order to start using it, simply run the executable file - RegFromApp.exe
After running it, select the process that you want to inspect, and click Ok. After clicking Ok, each time that the selected process writes a value into the Registry, the main window of RegFromApp will display the written value in Windows .reg file format. You can copy & paste the desired values to another Registry file, or alternatively, you can save the entire Registry changes into a .reg file by using the ’Save As’ option.
Using RegFromApp In Windows Vista
RegFromApp can work in Vista even when UAC (User Account Control) is turned on, as long as the process that you wish to inspect run in the same account and security context of RegFromApp. However, if you want to inspect a process that runs under administrator account, you must also run RegFromApp as administrator. (right-click on RegFromApp.exe and choose ’Run As Administrator’)
Standalone: http://www.nirsoft.net/utils/regfromapp.zip
dUP v2.18 Beta 5 July 29, 2008
Posted by reversengineering in NEWS, TOOLS. 3 comments
Changelog
replaced WinExec API by ShellExecute for Windows Vista
bugfix in Dialog for editing S&R Pattern Occurrence
added check for skins button ids
improved window resizing engine
added option “trim to path” for Registry Paths
loader can save now targetfilepath to inifile when its not in same folder
EDB Linux Debugger v 0.9.1 by Evan Teran July 29, 2008
Posted by reversengineering in DEBUGGER, TOOLS.
Features
* Intuitive GUI interface
* The usual debugging operations (step-into/step-over/run/break)
* Conditional breakpoints
* Debugging core is implemented as a plugin so people can have drop in replacements. Of course if a given platform has several debugging APIs available, then you may have a plugin that implements any of them.
* Basic instruction analysis
* View/Dump memory regions
* Effective address inspection
* The data dump view is tabbed, allowing you to have several views of memory open at the same time and quickly switch between them.
* Importing of symbol maps
* Plugins
    o Search for binary strings
    o Code Bookmarks
    o Breakpoint management
    o Check for updates
    o Environment variable viewer
    o Heap block enumeration
    o Opcode search engine plugin has basic functionality (similar to msfelfscan/msfpescan)
    o Open file enumeration
    o Reference finder
    o String searching (like strings command in *nix)
One of the main goals of this debugger is isolation of the debugger core from the display you see. The interface is written in QT4 and thus source portable to many platforms. The debugger core is actually a plugin and the platform specific code is isolated to just a few files, porting to a new OS would require porting these few files and implementing a plugin which implements the “DebuggerCoreInterface” interface. Also, because the plugins are based on the QPlugin API, and do their work through the DebuggerCoreInterface object, they are almost always portable with just a simple recompile. So far, the only plugin I have written which would not port with just a recompile is the heap analysis plugin, due to its highly system specific nature.
ProcessActivityView v1.02 July 29, 2008
Posted by reversengineering in OTHER, TOOLS.
ProcessActivityView v1.02
2008-06-14

ProcessActivityView creates a summary of all files and folders that the selected process tries to access. For each file that the process accesses, the following information is displayed: Number of times that the file was opened and closed, number of read/write calls, total number of read/write bytes, the dll that made the last open-file call, and more…
System Requirements
This utility works on Windows 2000, Windows XP, Windows Server 2003, and Windows Vista (32-bit only). Older versions of Windows are not supported.
Changelog
Version 1.02:
- Removed the automatic requirement to run as admin under Vista.
Version 1.01:
- Fixed bug: The handle of helper dll remained opened after detaching from the inspected process.
- Fixed bug: IE7 in Vista crashed when detaching from the IE process.
Version 1.00:
- First release.
Website
http://www.nirsoft.net/utils/process_activity_view.html
Standalone: http://www.nirsoft.net/utils/processactivityview.zip
Process Lasso v3.04 July 27, 2008
Posted by reversengineering in OTHER, TOOLS.
Process Lasso v3.04
2008-07-26
Changelog
- Fix.Core: Fixed high CPU load when Lasso update speed set to ’Pause’ and the Process Governor is started/restarted.
- Fix.Installer: Fixed issue where two instances of ProcessLasso.exe could end up running after initial install, depending on timing.
- Update.VistaMMSC: Now properly describes network throttling index, removes percentage mark from that value, enforces new max limit (70), and supports disabling of throttling.
Download
Setup: http://www.bitsum.com/files/pssetup.zip
Setup-x64: http://www.bitsum.com/files/pssetup64.zip
Unpacking Armadillo Overlays Series by ChOoKi July 27, 2008
Posted by reversengineering in NEWS.
FOR more info :
ActiveMark 6.2 Inline Patch Generator, Version 6.2 Only July 27, 2008
Posted by reversengineering in OTHER, TOOLS.
ActiveMark 6.2 Inline Patch Generator, Version 6.2 Only
SRC:http://forums.accessroot.com
Here is a tool I made to generate the Inline Patch for AM 6.2 targets, follow SSlEvIN’s tutorial on how to acquire the needed DWORDS and Values, then find a code cave in the Layer 1 .bss section, note that down. Put all required info into this app and press Generate Inline Patch. This will display the binary string of code for the inline, and copy it to your clipboard for you, then go to your code cave and paste it. After that change the jump to the codecave as shown in SSlEvIN’s tutorial. Enjoy!
Note: the app has pre-entered values for an application, I’m not going to say what app because it’s irrelevant… you can change them to your own.
Next version will generate inline patches for 6.2-6.3 and will have a check to make sure you ONLY put in hexadecimal characters, no such check was implemented in this version so be careful.
http://letitbit.net/download/357615728964/InlinePatchMaker.rar.html
OllyICE 1.10 by Hacnho July 27, 2008
Posted by reversengineering in DEBUGGER, TOOLS.
This is an updated release based upon the final OllyDbg release from Hacnho, his further enhanced OllyDbg Hacnho modification. It includes all the bug fixes from his original Hacnho. It is also compressed using the Themida 1.xx Ring-0 engine to help hide the debugger from detection. Be warned it runs quite slowly because of this and it is not very compatible with certain operating systems (WinXP SP2) and applications like anti-virus tools. Blue Screens of Death (BOD) are quite common with this Olly.
http://rapidshare.com/files/132790837/odbg110_OllyICE_v1.10_update.rar
Exeinfo V.0.0.1.9 A 27.7.2008 July 27, 2008
Posted by reversengineering in NEWS.
for testers only
added :
402. Securom 7.xx.xxxx * -> Sony DADC – www.securom.com
403. *Safedisc V4.50.000 -> Macrovision Corporation
send bugs to asl@onet.eu
rootkit! July 25, 2008
Posted by reversengineering in NEWS.
nice blogs about this u can find here :
Unpacking Themida/WinLicense 1.8.x July 25, 2008
Posted by reversengineering in MUPS, NEWS, Themida. 1 comment so far
for more info and see mup:
http://richie86.wordpress.com/2008/01/24/unpacking-themidawinlicense-18x/
Memory Hacking Software v 5.001 Update July 25, 2008
Posted by reversengineering in OTHER, TOOLS. 2 comments
The Sub Search dialog now allows all expressions as valid input.
Fixed a crash in the Code Filter “Highlight by Expression” feature related to using the [] operators.
Added support for Windows® Vista® SP1. Thanks to Napalm of http://www.rohitab.com/ for the EPROCESS definition.
Fixed the for ( ; CONSTANTVALUE; ) bug in the scripts.
Holding Shift while moving the caret with the arrow keys now causes the selection to change in the Hex Editor.
The Code Filter is more stable while single-stepping and opening a process for debug.
# prefix added to the Expression Evaluator to indicate a number should be evaluated as a decimal number. Applies to the Auto-Assembler, which defaults to treating all numbers as hexadecimal.
Added the CaptureScreen function to the scripts.
Added the CallLocalFunction, LoadLibrary, LoadLibraryEx, FreeLibrary, and GetModuleHandle functions to the scripts.
changing in page (changes to the pages) July 25, 2008
Posted by reversengineering in NEWS.
Hello
Some changes have been made to the pages: the multimedia section was removed and merged into the huge collection section.
With thanks
hi
multimedia page moved to huge collection
thanks
old post July 25, 2008
Posted by reversengineering in MUPS.
Manual unpacking
Manual unpacking and Auto-IAT fixing UPX and Aspack
hi
This flash movie covers how to manual unpack and Auto-IAT fix UPX and Aspack packed binaries. It might be useful for people who are new to malware analysis and don’t have a clue how to unpack and repair a binary. The introduced technique works for many other easy executable packers like FSG too. For best view use a resolution of 1024×768 or higher and select fullscreen (F11) in your browser
link:
http://rapidshare.com/files/37778819/Unpacking_UPX_and_Aspack_with_ESP_Trick.swf
Sysinternals Suite Build 20080724 July 25, 2008
Posted by reversengineering in NEWS, OTHER, TOOLS.
20080724
Autoruns v9.32: This fixes a 32-bit parsing bug introduced in the v9.31 update.
20080722
Autoruns v9.31: This release fixes a bug displaying missing images that reference paths with spaces, adds support for Sidebar Gadgets on 64-bit Windows, and correctly handles 64-bit paths that reference the program files directory.
Standalone: http://download.sysinternals.com/Files/SysinternalsSuite.zip